Enterprise-grade security with industry-leading compliance certifications.
Trusted by enterprises in automotive, healthcare, finance, and more.
TISAX (Trusted Information Security Assessment Exchange) is a standardized framework for conducting information security assessments and facilitating information exchange, designed to ensure the security of data within supply chains. Spearheaded by the German Association of the Automotive Industry (VDA), TISAX has achieved broad acceptance across the global automotive sector. TISAX certification allows companies to demonstrate adherence to industry data security and information exchange standards, enhancing trust among partners and customers. While it is a benchmark in the automotive industry, TISAX is also extensively adopted in other sectors for information security assessments. EMQ is proud to have achieved the VDA-TISAX Information Security High Level (AL2) certification.

The SOC 1 report, issued in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA), or in accordance with the International Standard on Assurance Engagements 3402, provides management of the service organization, user entities, and the independent auditors of the user entities with information and a service auditor's report related to the service organization's processes and controls affecting the entity's internal control over financial reporting. The SOC 1 report includes an opinion on the fairness of the system's description, the suitability of the design of the controls to achieve specified control objectives, and, in a type 2 report, the operating effectiveness of those controls.

SOC 2 is a regularly refreshed report that focuses on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. We currently offer SOC 2 Type 1 reports for EMQX Cloud and EMQX Enterprise.

The SOC 2 Report (System and Organization Controls 2 Report) is a third-party independent report developed by the American Institute of Certified Public Accountants (AICPA) for auditing a service provider's services and internal controls based on the Trust Services Criteria. It is a detailed report with a high degree of objectivity, continuity, and acceptance as a globally recognized security audit standard. The SOC 2 report has become an important reference for domestic and international enterprises when choosing a third-party cloud service provider. Achieving compliance ensures that EMQ has robust controls in place to protect its systems and data. With its SOC 2 compliance, EMQ provides customers with the confidence that their data is continually protected by EMQ's platform.

ISO/IEC 27001:2022 is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. EMQ adopts this standard to demonstrate our commitment to information security and to meet various regulatory and client requirements.

ISO/IEC 27701:2019 is an extension to the ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls standards. As a globally recognized management system standard, ISO/IEC 27701:2019 offers guidance on privacy protection, detailing how organizations should handle personal information. It plays a pivotal role in showcasing compliance with privacy regulations globally. EMQ's adherence to this certification underscores our dedication to privacy and data protection.

ISO/IEC 20000-1:2018 is an international standard for service management systems (SMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an SMS to ensure that organizations consistently deliver quality IT services. Adopting this standard demonstrates EMQ's commitment to efficient service delivery and continuous improvement in IT service management processes.

ISO 9001:2015 is the international standard for quality management systems (QMS). It sets out criteria for ensuring consistency in products and services, emphasizing continuous improvement and customer satisfaction. EMQ adopts this standard to demonstrate our commitment to delivering high-quality products and services and meeting customer and regulatory requirements.

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA), granting individuals control over their data with a focus on transparency and security. Organizations need clear consent for data actions. EMQ is committed to supporting our customers in their GDPR compliance efforts.

HIPAA, the Health Insurance Portability and Accountability Act, is a U.S. law enacted in 1996. It sets standards for protecting sensitive patient health information. It requires healthcare providers and other covered entities to ensure the confidentiality, integrity, and security of health data. EMQ can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with EMQ.